OpenCoverage

bn_x931p.c

Absolute File Name:/home/opencoverage/opencoverage/guest-scripts/libressl/src/crypto/bn/bn_x931p.c
Source codeSwitch to Preprocessed file
LineSourceCount
1/* $OpenBSD: bn_x931p.c,v 1.10 2017/01/25 06:15:44 beck Exp $ */-
2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL-
3 * project 2005.-
4 */-
5/* ====================================================================-
6 * Copyright (c) 2005 The OpenSSL Project. All rights reserved.-
7 *-
8 * Redistribution and use in source and binary forms, with or without-
9 * modification, are permitted provided that the following conditions-
10 * are met:-
11 *-
12 * 1. Redistributions of source code must retain the above copyright-
13 * notice, this list of conditions and the following disclaimer.-
14 *-
15 * 2. Redistributions in binary form must reproduce the above copyright-
16 * notice, this list of conditions and the following disclaimer in-
17 * the documentation and/or other materials provided with the-
18 * distribution.-
19 *-
20 * 3. All advertising materials mentioning features or use of this-
21 * software must display the following acknowledgment:-
22 * "This product includes software developed by the OpenSSL Project-
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"-
24 *-
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to-
26 * endorse or promote products derived from this software without-
27 * prior written permission. For written permission, please contact-
28 * licensing@OpenSSL.org.-
29 *-
30 * 5. Products derived from this software may not be called "OpenSSL"-
31 * nor may "OpenSSL" appear in their names without prior written-
32 * permission of the OpenSSL Project.-
33 *-
34 * 6. Redistributions of any form whatsoever must retain the following-
35 * acknowledgment:-
36 * "This product includes software developed by the OpenSSL Project-
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"-
38 *-
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY-
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE-
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR-
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR-
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,-
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT-
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;-
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)-
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,-
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)-
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED-
50 * OF THE POSSIBILITY OF SUCH DAMAGE.-
51 * ====================================================================-
52 *-
53 * This product includes cryptographic software written by Eric Young-
54 * (eay@cryptsoft.com). This product includes software written by Tim-
55 * Hudson (tjh@cryptsoft.com).-
56 *-
57 */-
58-
59#include <stdio.h>-
60#include <openssl/bn.h>-
61-
62#include "bn_lcl.h"-
63-
64/* X9.31 routines for prime derivation */-
65-
66/* X9.31 prime derivation. This is used to generate the primes pi-
67 * (p1, p2, q1, q2) from a parameter Xpi by checking successive odd-
68 * integers.-
69 */-
70-
71static int-
72bn_x931_derive_pi(BIGNUM *pi, const BIGNUM *Xpi, BN_CTX *ctx, BN_GENCB *cb)-
73{-
74 int i = 0;-
75-
76 if (!BN_copy(pi, Xpi))
!BN_copy(pi, Xpi)Description
TRUEnever evaluated
FALSEnever evaluated
0
77 return 0;
never executed: return 0;
0
78 if (!BN_is_odd(pi) && !BN_add_word(pi, 1))
((pi)->top > 0)Description
TRUEnever evaluated
FALSEnever evaluated
((pi)->d[0] & 1)Description
TRUEnever evaluated
FALSEnever evaluated
!BN_add_word(pi, 1)Description
TRUEnever evaluated
FALSEnever evaluated
0
79 return 0;
never executed: return 0;
0
80 for (;;) {-
81 i++;-
82 BN_GENCB_call(cb, 0, i);-
83 /* NB 27 MR is specificed in X9.31 */-
84 if (BN_is_prime_fasttest_ex(pi, 27, ctx, 1, cb))
BN_is_prime_fa...7, ctx, 1, cb)Description
TRUEnever evaluated
FALSEnever evaluated
0
85 break;
never executed: break;
0
86 if (!BN_add_word(pi, 2))
!BN_add_word(pi, 2)Description
TRUEnever evaluated
FALSEnever evaluated
0
87 return 0;
never executed: return 0;
0
88 }
never executed: end of block
0
89 BN_GENCB_call(cb, 2, i);-
90 return 1;
never executed: return 1;
0
91}-
92-
93/* This is the main X9.31 prime derivation function. From parameters-
94 * Xp1, Xp2 and Xp derive the prime p. If the parameters p1 or p2 are-
95 * not NULL they will be returned too: this is needed for testing.-
96 */-
97-
98int-
99BN_X931_derive_prime_ex(BIGNUM *p, BIGNUM *p1, BIGNUM *p2, const BIGNUM *Xp,-
100 const BIGNUM *Xp1, const BIGNUM *Xp2, const BIGNUM *e, BN_CTX *ctx,-
101 BN_GENCB *cb)-
102{-
103 int ret = 0;-
104-
105 BIGNUM *t, *p1p2, *pm1;-
106-
107 /* Only even e supported */-
108 if (!BN_is_odd(e))
((e)->top > 0)Description
TRUEnever evaluated
FALSEnever evaluated
((e)->d[0] & 1)Description
TRUEnever evaluated
FALSEnever evaluated
0
109 return 0;
never executed: return 0;
0
110-
111 BN_CTX_start(ctx);-
112 if (p1 == NULL) {
p1 == ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
113 if ((p1 = BN_CTX_get(ctx)) == NULL)
(p1 = BN_CTX_g...== ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
114 goto err;
never executed: goto err;
0
115 }
never executed: end of block
0
116 if (p2 == NULL) {
p2 == ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
117 if ((p2 = BN_CTX_get(ctx)) == NULL)
(p2 = BN_CTX_g...== ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
118 goto err;
never executed: goto err;
0
119 }
never executed: end of block
0
120-
121 if ((t = BN_CTX_get(ctx)) == NULL)
(t = BN_CTX_ge...== ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
122 goto err;
never executed: goto err;
0
123 if ((p1p2 = BN_CTX_get(ctx)) == NULL)
(p1p2 = BN_CTX...== ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
124 goto err;
never executed: goto err;
0
125 if ((pm1 = BN_CTX_get(ctx)) == NULL)
(pm1 = BN_CTX_...== ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
126 goto err;
never executed: goto err;
0
127-
128 if (!bn_x931_derive_pi(p1, Xp1, ctx, cb))
!bn_x931_deriv... Xp1, ctx, cb)Description
TRUEnever evaluated
FALSEnever evaluated
0
129 goto err;
never executed: goto err;
0
130-
131 if (!bn_x931_derive_pi(p2, Xp2, ctx, cb))
!bn_x931_deriv... Xp2, ctx, cb)Description
TRUEnever evaluated
FALSEnever evaluated
0
132 goto err;
never executed: goto err;
0
133-
134 if (!BN_mul(p1p2, p1, p2, ctx))
!BN_mul(p1p2, p1, p2, ctx)Description
TRUEnever evaluated
FALSEnever evaluated
0
135 goto err;
never executed: goto err;
0
136-
137 /* First set p to value of Rp */-
138-
139 if (!BN_mod_inverse_ct(p, p2, p1, ctx))
!BN_mod_invers..., p2, p1, ctx)Description
TRUEnever evaluated
FALSEnever evaluated
0
140 goto err;
never executed: goto err;
0
141-
142 if (!BN_mul(p, p, p2, ctx))
!BN_mul(p, p, p2, ctx)Description
TRUEnever evaluated
FALSEnever evaluated
0
143 goto err;
never executed: goto err;
0
144-
145 if (!BN_mod_inverse_ct(t, p1, p2, ctx))
!BN_mod_invers..., p1, p2, ctx)Description
TRUEnever evaluated
FALSEnever evaluated
0
146 goto err;
never executed: goto err;
0
147-
148 if (!BN_mul(t, t, p1, ctx))
!BN_mul(t, t, p1, ctx)Description
TRUEnever evaluated
FALSEnever evaluated
0
149 goto err;
never executed: goto err;
0
150-
151 if (!BN_sub(p, p, t))
!BN_sub(p, p, t)Description
TRUEnever evaluated
FALSEnever evaluated
0
152 goto err;
never executed: goto err;
0
153-
154 if (p->neg && !BN_add(p, p, p1p2))
p->negDescription
TRUEnever evaluated
FALSEnever evaluated
!BN_add(p, p, p1p2)Description
TRUEnever evaluated
FALSEnever evaluated
0
155 goto err;
never executed: goto err;
0
156-
157 /* p now equals Rp */-
158-
159 if (!BN_mod_sub(p, p, Xp, p1p2, ctx))
!BN_mod_sub(p,...Xp, p1p2, ctx)Description
TRUEnever evaluated
FALSEnever evaluated
0
160 goto err;
never executed: goto err;
0
161-
162 if (!BN_add(p, p, Xp))
!BN_add(p, p, Xp)Description
TRUEnever evaluated
FALSEnever evaluated
0
163 goto err;
never executed: goto err;
0
164-
165 /* p now equals Yp0 */-
166-
167 for (;;) {-
168 int i = 1;-
169 BN_GENCB_call(cb, 0, i++);-
170 if (!BN_copy(pm1, p))
!BN_copy(pm1, p)Description
TRUEnever evaluated
FALSEnever evaluated
0
171 goto err;
never executed: goto err;
0
172 if (!BN_sub_word(pm1, 1))
!BN_sub_word(pm1, 1)Description
TRUEnever evaluated
FALSEnever evaluated
0
173 goto err;
never executed: goto err;
0
174 if (!BN_gcd_ct(t, pm1, e, ctx))
!BN_gcd_ct(t, pm1, e, ctx)Description
TRUEnever evaluated
FALSEnever evaluated
0
175 goto err;
never executed: goto err;
0
176 if (BN_is_one(t)
(((t))->top == 1)Description
TRUEnever evaluated
FALSEnever evaluated
(((t))->d[0] =...gned long)(1))Description
TRUEnever evaluated
FALSEnever evaluated
((1) == 0)Description
TRUEnever evaluated
FALSEnever evaluated
(((t))->top == 0)Description
TRUEnever evaluated
FALSEnever evaluated
!(t)->negDescription
TRUEnever evaluated
FALSEnever evaluated
0
177 /* X9.31 specifies 8 MR and 1 Lucas test or any prime test-
178 * offering similar or better guarantees 50 MR is considerably-
179 * better.-
180 */-
181 && BN_is_prime_fasttest_ex(p, 50, ctx, 1, cb))
BN_is_prime_fa...0, ctx, 1, cb)Description
TRUEnever evaluated
FALSEnever evaluated
0
182 break;
never executed: break;
0
183 if (!BN_add(p, p, p1p2))
!BN_add(p, p, p1p2)Description
TRUEnever evaluated
FALSEnever evaluated
0
184 goto err;
never executed: goto err;
0
185 }
never executed: end of block
0
186-
187 BN_GENCB_call(cb, 3, 0);-
188-
189 ret = 1;-
190-
191err:
code before this statement never executed: err:
0
192-
193 BN_CTX_end(ctx);-
194-
195 return ret;
never executed: return ret;
0
196}-
197-
198/* Generate pair of paramters Xp, Xq for X9.31 prime generation.-
199 * Note: nbits paramter is sum of number of bits in both.-
200 */-
201-
202int-
203BN_X931_generate_Xpq(BIGNUM *Xp, BIGNUM *Xq, int nbits, BN_CTX *ctx)-
204{-
205 BIGNUM *t;-
206 int i;-
207 int ret = 0;-
208-
209 /* Number of bits for each prime is of the form-
210 * 512+128s for s = 0, 1, ...-
211 */-
212 if ((nbits < 1024) || (nbits & 0xff))
(nbits < 1024)Description
TRUEnever evaluated
FALSEnever evaluated
(nbits & 0xff)Description
TRUEnever evaluated
FALSEnever evaluated
0
213 return 0;
never executed: return 0;
0
214 nbits >>= 1;-
215 /* The random value Xp must be between sqrt(2) * 2^(nbits-1) and-
216 * 2^nbits - 1. By setting the top two bits we ensure that the lower-
217 * bound is exceeded.-
218 */-
219 if (!BN_rand(Xp, nbits, 1, 0))
!BN_rand(Xp, nbits, 1, 0)Description
TRUEnever evaluated
FALSEnever evaluated
0
220 return 0;
never executed: return 0;
0
221-
222 BN_CTX_start(ctx);-
223 if ((t = BN_CTX_get(ctx)) == NULL)
(t = BN_CTX_ge...== ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
224 goto err;
never executed: goto err;
0
225-
226 for (i = 0; i < 1000; i++) {
i < 1000Description
TRUEnever evaluated
FALSEnever evaluated
0
227 if (!BN_rand(Xq, nbits, 1, 0))
!BN_rand(Xq, nbits, 1, 0)Description
TRUEnever evaluated
FALSEnever evaluated
0
228 goto err;
never executed: goto err;
0
229 /* Check that |Xp - Xq| > 2^(nbits - 100) */-
230 BN_sub(t, Xp, Xq);-
231 if (BN_num_bits(t) > (nbits - 100))
BN_num_bits(t) > (nbits - 100)Description
TRUEnever evaluated
FALSEnever evaluated
0
232 break;
never executed: break;
0
233 }
never executed: end of block
0
234-
235 if (i < 1000)
i < 1000Description
TRUEnever evaluated
FALSEnever evaluated
0
236 ret = 1;
never executed: ret = 1;
0
237-
238err:
code before this statement never executed: err:
0
239 BN_CTX_end(ctx);-
240-
241 return ret;
never executed: return ret;
0
242}-
243-
244/* Generate primes using X9.31 algorithm. Of the values p, p1, p2, Xp1-
245 * and Xp2 only 'p' needs to be non-NULL. If any of the others are not NULL-
246 * the relevant parameter will be stored in it.-
247 *-
248 * Due to the fact that |Xp - Xq| > 2^(nbits - 100) must be satisfied Xp and Xq-
249 * are generated using the previous function and supplied as input.-
250 */-
251-
252int-
253BN_X931_generate_prime_ex(BIGNUM *p, BIGNUM *p1, BIGNUM *p2, BIGNUM *Xp1,-
254 BIGNUM *Xp2, const BIGNUM *Xp, const BIGNUM *e, BN_CTX *ctx, BN_GENCB *cb)-
255{-
256 int ret = 0;-
257-
258 BN_CTX_start(ctx);-
259 if (Xp1 == NULL) {
Xp1 == ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
260 if ((Xp1 = BN_CTX_get(ctx)) == NULL)
(Xp1 = BN_CTX_...== ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
261 goto error;
never executed: goto error;
0
262 }
never executed: end of block
0
263 if (Xp2 == NULL) {
Xp2 == ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
264 if ((Xp2 = BN_CTX_get(ctx)) == NULL)
(Xp2 = BN_CTX_...== ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
265 goto error;
never executed: goto error;
0
266 }
never executed: end of block
0
267-
268 if (!BN_rand(Xp1, 101, 0, 0))
!BN_rand(Xp1, 101, 0, 0)Description
TRUEnever evaluated
FALSEnever evaluated
0
269 goto error;
never executed: goto error;
0
270 if (!BN_rand(Xp2, 101, 0, 0))
!BN_rand(Xp2, 101, 0, 0)Description
TRUEnever evaluated
FALSEnever evaluated
0
271 goto error;
never executed: goto error;
0
272 if (!BN_X931_derive_prime_ex(p, p1, p2, Xp, Xp1, Xp2, e, ctx, cb))
!BN_X931_deriv...2, e, ctx, cb)Description
TRUEnever evaluated
FALSEnever evaluated
0
273 goto error;
never executed: goto error;
0
274-
275 ret = 1;-
276-
277error:
code before this statement never executed: error:
0
278 BN_CTX_end(ctx);-
279-
280 return ret;
never executed: return ret;
0
281}-
Source codeSwitch to Preprocessed file
Generated by Squish Coco 4.2.2